WO2005096542A1 - Deploying and provisioning wireless handheld devices - Google Patents

Deploying and provisioning wireless handheld devices Download PDF

Info

Publication number
WO2005096542A1
WO2005096542A1 PCT/CA2005/000466 CA2005000466W WO2005096542A1 WO 2005096542 A1 WO2005096542 A1 WO 2005096542A1 CA 2005000466 W CA2005000466 W CA 2005000466W WO 2005096542 A1 WO2005096542 A1 WO 2005096542A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
public key
user
public
shared secret
Prior art date
Application number
PCT/CA2005/000466
Other languages
English (en)
French (fr)
Inventor
Herbert A. Little
Michael K. Brown
Original Assignee
Research In Motion Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research In Motion Limited filed Critical Research In Motion Limited
Priority to CA2561796A priority Critical patent/CA2561796C/en
Priority to AT05729970T priority patent/ATE438973T1/de
Priority to JP2007505347A priority patent/JP4701238B2/ja
Priority to DE602005015831T priority patent/DE602005015831D1/de
Priority to AU2005228061A priority patent/AU2005228061A1/en
Priority to BRPI0509538A priority patent/BRPI0509538B1/pt
Priority to EP05729970A priority patent/EP1735945B1/en
Priority to CN2005800175522A priority patent/CN101023622B/zh
Publication of WO2005096542A1 publication Critical patent/WO2005096542A1/en
Priority to HK07103611.6A priority patent/HK1095950A1/xx

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • This application relates to an apparatus and method of establishing an authentic and secure relationship between two messaging systems to exchange data. More specifically this application describes an apparatus and method of establishing an authentic relationship between a wireless handheld device ("mobile device") and a message center or host system using password-based authentication methods.
  • mobile device wireless handheld device
  • the apparatus and method described herein is applicable to land-line environments as well as wireless environments.
  • EKE Encrypted Key Exchange
  • PDM Password Derived Moduli
  • SPEKE Simple Password-authenticated Exponential Key Exchange
  • a password-based encryption communication system in wireless or wired environments, having perfect forward secrecy is described. It includes using a long-term generated key-pair in combination with a short-term authentication key-pair, generated using a shared secret, to allow for the implementation of perfect forward secrecy.
  • the long-term public key is piggy-backed with the authentication public key to enable an authentic exchange of long-term keys. This enables the corresponding party that is in possession of the shared secret, to receive and be able to use the long-term public key.
  • a method carried out by a first system for establishing a secure bidirectional communication path between the first system and a second system for an exchange of one or more messages is described.
  • the method comprises generating a first key pair having a first public key and a first private key, and generating a second key pair having a second public key and a second private key.
  • the second public key is generated based upon a shared secret known to the first system and the second system.
  • the method also comprises sending the second public key and the first public key to the second system, and receiving a third public key and a fourth public key generated by the second system, wherein the fourth public key is generated based upon the shared secret.
  • the method also comprises calculating a master key based upon the first private key, the second private key, the third public key and the fourth public key, wherein the master key is configured to be used in encryption of one or more messages.
  • a system comprises a memory and a processing unit coupled to the memory wherein the processing unit is configured to execute the above- noted steps.
  • a computer readable carrier contains processing instructions adapted to cause a processing unit to execute the above-noted steps.
  • Figure 1 shows a block diagram of a first exemplary communication system, between a fixed and a wireless system.
  • Figure 2 shows a block diagram of a second exemplary communication system, between two wireless systems.
  • Figure 3 shows a block diagram of a third exemplary communication system, between two fixed systems.
  • Figure 4 shows a message exchange diagram of an exemplary set of data exchanges for implementing the communication system of Figure 1 where a user is the initiator of the data exchange.
  • Figure 5 shows a message exchange diagram of an exemplary set of data exchanges for implementing the communication system of Figure 1 where a service provider is the initiator of the data exchange.
  • Figure 6 shows a data flow diagram of the steps within the user software for carrying out the steps in Figure 4 where the user is the initiator of the key exchange.
  • Figure 7 shows a data flow diagram of the steps within the service software for carrying out the steps in Figure 4 where the user is the initiator of the key exchange.
  • Figure 8 shows a data flow diagram of the steps within the service user for a re-key sequence when regenerating another key in the environment illustrated in Figures 1, 2 and 3.
  • Figure 9 shows a data flow diagram of the steps needed within the service provider for a re-key sequence when regenerating another key in the environment illustrated in Figures 1, 2 and 3.
  • DETAILED DESCRIPTION Referring to Figure 1, there is shown a block diagram of a first exemplary communication system, between a fixed and a wireless system.
  • This overview diagram shows a network environment where the invention is used.
  • the diagram shows an exemplary embodiment of the invention and focuses on a network topology that includes a mobile device that is wireless.
  • Between the service offering (also referred to herein as a service provider) and the service user are one or more networks and one or more connections to enable the flow of data between the two systems.
  • the service offering 20 or 22 can be many possible computers offering services to users.
  • some well known service providers could be computers on the Internet within an Internet Service Provider (ISP) or Application Service Provider (ASP) office.
  • ISP Internet Service Provider
  • ASP Application Service Provider
  • the service offering 20 and 22 can also be one or more computers running within a private or public company, like a bank, stock broker, insurance broker or some other service-oriented company.
  • the service offering 20 or 22 may also be run as part of a cluster of computers operating world-wide, making up a Universal Description, Discovery and Integration Cluster (UDDI cluster).
  • UDDI cluster Universal Description, Discovery and Integration Cluster
  • the common element in all these service offerings 20 and 22 is that these service offerings 20 and 22 need to establish a secure data channel with a user. In the case of UDDI the secure relationship might be needed to exchange private service listings, or even to allow UDDI to proxy a service offering.
  • the mobile devices and the service hosts may be addressed in a variety of different ways. In some embodiments, they may be addressed with IP (internet protocol) addresses.
  • the host system may be addressed by an e-mail address.
  • the destination address may be an e-mail address of a user of the mobile device within the host system.
  • HTTP mobile hyper-text transfer protocol
  • WAP mobile wireless application protocol
  • TCP/IP transmission control protocol/internet protocol
  • J2ME Java 2 Micro Edition
  • the service offering 20 and 22 can be based on an HTTP web server solution, a Java Enterprise solution, a wireless markup language (WML) based service offering or some proprietary service solution created for a specific purpose.
  • mobile systems and host systems referred to herein can each comprise one or more respective memories (e.g., containing processing instructions) and one or more respective processing units, such as those conventionally known, e.g., general purpose processing units and/or special purpose processing units such as application specific integrated circuits (ASICs) and field programmable gate arrays (FPGAs), wherein the processing units can be configured (e.g., programmed with suitable software and/or firmware instructions, and/or produced with specialized hardware circuits) to carry out the approaches described herein.
  • ASICs application specific integrated circuits
  • FPGAs field programmable gate arrays
  • Each of such systems can also include any suitable interface(s), such as those conventionally known, which can operate in conjunction with a respective processing unit(s) to facilitate communication with other systems.
  • the end-points in the communication path are coupled through one or more data networks that allow the exchange of data, voice, video, music, photographs or any other digital media that can be exchanged through a data communications channel.
  • the two main networks included in this illustration are a Wide Area Network (WAN) 26, the most common one being the Internet, and a wireless network 28.
  • the wireless network 28 could be a GSM/GPRS network, a CDMA/1XRTT network, a CDMA2000 network, a 3 rd Generation network like EDGE or UMTS or many other public wireless networks soon to be available.
  • these networks are coupled using links 24 like ISDN, TI, Ethernet (land-line and 802.11), Frame Relay, ATM, ADSL or some other high speed internet connection to the host service 10b.
  • links 24 like ISDN, TI, Ethernet (land-line and 802.11), Frame Relay, ATM, ADSL or some other high speed internet connection to the host service 10b.
  • the invention works with these existing data communication paths to provide advanced password-based authentication. This level of security provides greater confidence that the recipient of any communicated data is exactly the entity you expect.
  • One embodiment for a data communication path 36 is illustrated between a Host System service offering 22 and a user of the service on a mobile device 32.
  • Another embodiment for a data communication path 40 is illustrated between a UDDI service offering 20 and a user of the service on a mobile device 30.
  • the host system service offering 22 has an out-of-band communication 34 (i.e., a communication over any suitable secure channel) with a user of a mobile device 32.
  • the out-of-band communication path 34 is used for exchanging a shared secret, avoiding the insecure path that is to be made secure. Since the UDDI service cloud provides some level of security, a UDDI service cloud might be used to locate the service and receive the out-of-band shared secret with the final destination service.
  • the following are a few examples of out-of-band communication paths 34 and 38: (a) The mobile device user 30 or 32 and an operator at the host system 20 or 22, establish a phone call with each other to exchange the shared secret. The secret is then entered into each system and used in the process of creating an encryption key.
  • the mobile device user 30 or 32 connects to a secure web site 20 or 22, either wirelessly or over a wired network and requests a key.
  • the key is received and manually entered into the mobile device 30 or 32.
  • the host system 20 or 22 could receive the key automatically from the web server, or it could also be manually entered. In some embodiments, a record is automatically generated after a shared secret was requested.
  • the user of the mobile device 30 or 32 makes the request for the service and the shared secret is e-mailed by the host system 20 or 22 to their corporate mailbox that is known to be in a secure area. The user retrieves the shared secret from their electronic mailbox and manually enters it into the mobile device 30 or 32.
  • the user of the mobile device 30 or 32 makes the request for the service and an operator at the service 20 or 22 generates a shared secret and it is given to a specified person who is known to be trusted and secure.
  • This person could be a secretary or administrator of a given group; ideally it is someone that can confirm the identity of the user making the request.
  • This trusted person then gives the shared secret to the final user of the mobile device 30 or 32 and it is manually entered into the mobile device 30 or 32.
  • This short list shows that there are many ways to authentically give a shared secret to a mobile device 20b user.
  • the common property of these exemplary out-of-band communications 34 and 38 is that some level of authentication is built in or assumed in the choice made. This authenticated communication path is different than the non- authenticated data communication path.
  • SPEKE is a cryptographic method for knowledge-based authentication that leverages and protects easy-to-remember passwords - i.e. shared secrets.
  • SPEKE is the simplest of the known strong password methods. It is a password- authenticated Diffie-Hellman exchange, where the password forms the base or "generator" of the exchange. (In standard Diffie-Hellman, the base is usually a fixed public number.)
  • the re-key sequence can be initiated.
  • the re-key sequence allows for the generation of a new set of keys after a predetermined number of weeks or months.
  • the advanced use of long-term encryption keys allows for the implementation of perfect forward secrecy.
  • the authentication secret shared secret
  • the re-keying operation does not compromise previous keys and all previous conversations remain secret into the future.
  • Figure 2 there is shown a block diagram of an exemplary communication system, between two wireless systems, according to an embodiment of the present invention.
  • a secure path can be created between two mobile devices.
  • mobile device 1 46 and mobile device 2 48 exchange a secret and are able to establish a common key using that shared secret.
  • the out-of-band conversation 50 could take place via a phone call between the two parties, or a face-to- face meeting, or using one of the other methods already outlined or any other suitable method.
  • the secret Once the secret is shared, it can be manually typed into the mobile devices 46 and 48, and one station can initiate the exchange of messages to create a common master security key.
  • This type of embodiment might be commonly used for private point-to-point e-mail conversations. It could also be used for point-to-point secure instant messaging data exchanges.
  • FIG. 3 there is shown a block diagram of an exemplary communication system, between two fixed systems, according to an embodiment of the present invention.
  • the communication takes place between two Host Systems 60 and 62.
  • the service offering 60 and the service consumer 62 have an out-of-band conversation 66 and exchange a secret key.
  • this out-of-band communication could be a phone call, a communication via a browser with a secure SSL connection to generate and retrieve the key, or some other suitable communication such as provided earlier.
  • an encryption key can be generated using strong password-based key generation methods like SPEKE.
  • the communication path to exchange the key in this illustration could be over a WAN network like the Internet 26, or through an internal Intranet 64, or other suitable communication path such as or similar to an 802.11 or Bluetooth link.
  • the service consumer 62 might be running a laptop or palmtop and already have a limited access to the Intranet, but greater security is required.
  • 802.1 lb lacks the robust security requirements requested by most large computer departments inside companies.
  • This embodiment illustrates that the invention can be used to provide the option of perfect forward secrecy when using a password-based authentication mechanism.
  • the data communication path 68 can be used to exchange all forms of data secretly with high security.
  • FIG. 4 there is shown a message exchange diagram showing an exemplary set of data exchanges for generating and verifying a master key, where the user is the initiator of the data exchange.
  • This illustration shows exemplary steps and message exchanges between a service consumer 100 (user) and a service provider 102.
  • one end of the connection is considered a service consumer or user 100, and has been given the label system A.
  • the other end of the connection is considered the service provider (also referred to as a service offering) or host system 102, and has been given the label system B.
  • the user 100 initiates the exchange of data to create a secure connection.
  • Between System A and System B is a message exchange over one or more data communication networks such as illustrated in Figure 1.
  • the user could be a mobile device 30, 32 or 48, or a Host System 62.
  • the service provider could be a mobile device 46 or a Host System 20, 22 or 60.
  • the user 100 contacts a known service provider 102 through one of the methods already described for out-of-band communication or through another suitable method to exchange a shared secret.
  • This service provider 102 wants to facilitate this exchange and issues a secret password or simple, easy to remember password strings (step 106).
  • a shared secret is generated and exchanged between the two parties.
  • the user 100 receives and saves the secret to assist in encryption key generation.
  • the service provider 102 can receive a secret password (shared secret) from the user 100.
  • the service provider saves the shared secret in relation to this user.
  • the user 100 then initiates (in this example) steps of generating key pairs (step 108) and transferring key information to the service provider (step 110).
  • the user 100 generates a long-term encryption key pair at step 108, i.e., the public and private parts of an encryption key.
  • a short-term authentication key pair is also generated at step 108 by the user 100. This short-term key pair is referred to as an authentication key pair in this example because it is generated using the shared secret as discussed further below.
  • the public keys thereof are transmitted at step 110 to the service provider 102 to further generate the final master key (also referred to as a master secret).
  • This transfer can take place over an insecure link, as only the host system 102 that issued the shared secret can understand and use the short-term authentication key to generate the master key.
  • the service provider 102 proceeds to generate its own short-term authentication key pair using the shared secret (step 114).
  • the service provider 102 also generates its own long-term encryption key pair (step 114).
  • the service provider 102 uses the public keys generated by the user 100 and using the shared secret to generate a master encryption key (or master secret) as shown at step 116.
  • the shared secret provides the authentication necessary to trust the information exchanged.
  • the service provider's short-term public authentication key, the service provider's long-term public encryption key, and a key confirmation value that has been calculated by the service provider using the newly generated master encryption key, and some known string, are sent to the user (step 116).
  • the user receives the information (step 118) sent from the service provider 102 including the service provider's short-term and long-term public keys and generates the user's own master key (step 120). With this master key the user verifies the key confirmation value (step 120).
  • the key confirmation value could be the hash of the master key and the name of the service or some other known string, agreed upon by the user and the service provider. If the key confirmation value does not verify, the master key created by the user 100 is not trusted, and it is assumed that someone is trying to compromise the connection. If the master encryption key generated by the user 100 seems valid the user then sends a final key confirmation value back to the service provider (step 122). The service provider receives the message, verifies the key confirmation value and marks the user as ready to go (step 124). This allows full data exchange to take place from the service provider's point of view (step 128). On the user side, once the verification message is sent there would be a slight pause in transmission but then full data exchange can begin (step 126).
  • Transmissions may comprise e-mail messages, HTTP (hyptertext transfer protocol)-based traffic, such as XML (extensible markup language), WML (wireless markup language), etc., or other types of traffic.
  • the host system is capable of sending a data payload in a message sent to the mobile device before the final confirmation value is sent to it from the mobile device.
  • the payload in this message may be a service book entry that defines the host service at the host system.
  • the service book entry may be a UDDI service entry that defines attributes of a host service at the host system being accessed.
  • the long-term encryption key pair generated by a first party (e.g., a user) as described herein is an example of, more generally, a first key pair, wherein the public key portion and the private key portion thereof can be referred to as a first public key and a first private key.
  • the short-term authentication key pair (also referred to as a short-term encryption key pair) generated by the first party (e.g., the user) as described herein is an example of, more generally, a second key pair, wherein the public key portion and the private key portion thereof can be referred to as a second public key and a second private key.
  • the long-term encryption key pair generated by a second party as described herein is an example of, more generally, a third key pair, wherein the public key portion and the private key portion thereof can be referred to as a third public key and a third private key.
  • the short-term authentication (or encryption) key pair generated by the second party as described herein is an example of, more generally, a fourth key pair, wherein the public key portion and the private key portion thereof can be referred to as a fourth public key and a fourth private key.
  • the first party that generates the first and second key pairs could be a user, such as described in the example above, or a service provider, such as described in the example below.
  • FIG. 5 there is shown a message exchange diagram showing an exemplary set of data exchanges for generating and verifying a master key, where the service provider is the initiator of the data exchange.
  • the steps within Figure 5 substantially correspond to the steps within Figure 4, except the service provider takes the first step.
  • This example highlights that either the user or the service provider can be the initiator of the data exchange.
  • one end of the connection is considered the user 100, and is labeled system A - service consumer.
  • the other end of the connection is considered the service 102, and is labeled system B - Service Provider.
  • Between System A 100 and System B 102 is a message exchange over one or more data communication networks 26, 28 and 64 such as illustrated in Figures 1, 2 and 3.
  • the user could be a mobile device 30, 32 or 48, or a Host System 20, 22, 46 or 60.
  • the service provider 102 contacts the user 100 (in this example) to exchange a shared secret.
  • the user could initiate this communication. It is contemplated that an administrator within a host company 102 might contact the user 100 and inform the user that the user has to perform some action with the shared secret being provided.
  • the shared secret is generated and exchanged (steps 200 and 202).
  • the User component receives and saves the shared secret to assist in encryption key generation.
  • the service provider 102 can receive a secret password (shared secret) from the user 100. In either case, the service provider saves the shared secret in relation to this user.
  • the service provider 102 can initiate (in this example) steps of generating key pairs (step 204) and transferring key information to the user 100 (step 206).
  • the service provider 102 generates a short-term authentication key pair and a long-term encryption key pair (step 204). This corresponds to step 108 in Figure 4.
  • the public keys thereof are transmitted to the user (step 206) to further generate the final master key (also referred to as a master secret).
  • the service provider's public keys are received by the user, and it checks memory to verify the service creation is expected and that it has a shared secret saved in memory (step 208).
  • the user recalls the shared secret for that service provider 102 and generates a short-term authentication key pair using the shared secret (step 210).
  • the user also generates a long-term encryption key pair (step 210).
  • the user 100 uses the public keys generated and sent by the service provider 102 and using the shared secret, the user 100 generates a master encryption key (or master secret) as shown at step 212.
  • the user 100 After generating the master key the user 100 also generates a key confirmation value by combining a known string (i.e., known to itself and the service offering) with the master key (step 212).
  • the user's short-term public authentication key the long-term public encryption key, and the key confirmation value are sent to the service provider (step 212).
  • the service provider receives the user's public keys and key confirmation value and verifies the sender of the information (step 214), and also recalls the shared secret for this user.
  • the service provider recalls its own saved private key values for this user (step 214).
  • the service provider can now generate a master key (step 216).
  • the service provider 102 After generating the master key, the service provider 102 verifies the key confirmation value by calculating its own key confirmation value, using the known string and the newly created master key, and comparing it against the received key confirmation value (step 216). If the key confirmation value does not verify, the created master key is not trusted, and it is assumed that someone is trying to compromise the connection. If the key confirmation value does verify, the master encryption key is considered valid and the service provider 102 sends a final key confirmation value back to the user (step 218). The user receives the message (step 220), verifies the key confirmation value, and marks the service provider as ready to go (step 220). This allows full data exchange to take place from the user's point of view (step 222).
  • Transmissions may comprise e-mail messages, HTTP (hypertext transfer protocol)- based traffic, such as XML (extensible markup language), WML (wireless markup language), etc., or other types of traffic.
  • Figure 6 is a data flow diagram of exemplary steps carried out by the user (e.g., within the user software) for ca ⁇ ying out the exemplary approach shown in Figure 4, when the user is the initiator of the key exchange.
  • the first step occurs when the user discovers a new service and wants to access it (step 300). This might occur via a UDDI- like service, through a corporate Intranet service, through browsing the world-wide web, through conversation with a friend or through a phone call.
  • a shared secret 's' that only the two of them know (step 302). Exemplary methods for this exchange have been described in detail already.
  • This shared secret 's' will be used later like a PIN (Personal Identification Number) to authenticate the user and the service to each other.
  • the user e.g., in software
  • the user generates a long-term key pair for the requested service (step 304).
  • This long-term key pair is one of the key values used during all for future re- keying operations.
  • G of size order(G)
  • q order(g) is a large prime number.
  • G and g may be publicly known, i.e., they do not need to be kept secret.
  • Exemplary mathematical calculations to create key values are as follows (using a SPEKE method), and while the exemplary calculations shown below utilize a multiplicative group, it will be apparent that suitable calculations could be carried out using an additive group:
  • the value 'A' is the user's long-term public key (or, more generally, first public key), and the value 'a' is the user's long-term private key (or, more generally, first private key).
  • the selected number 'a' is greater than 1 and less than the prime number q - 1.
  • the value 'X' is the user's short-term public key (or, more generally, second public key), and the value 'x' is the user's short-term private key (or, more generally, second private key).
  • the value 's' is the shared secret.
  • the selection of 'x' is between 1 and the prime number q - 1.
  • the user software then sends the public key values 'A' and 'X' to the service offering (service provider) as shown at step 308. This step proceeds to (A) where the service offering receives the values and performs additional calculations, shown in Figure 7.
  • 'x' is the user's short-term private authentication key (or, more generally, second private key)
  • ⁇ ' is the received short-term public authentication key of the service offering (or more generally, fourth public key).
  • 'a' is the user's long-term private encryption key (or, more generally, first private key)
  • 'B' is the received long- term public encryption key of the service offering (or, more generally, third public key).
  • the value 'k' represents the master key that can be used for encrypting data between the user and the service.
  • the value 'k' is a combination of the intermediate keys 'kl ' (based on the short-term authentication keys) and 'k2' (based on the long-term encryption keys).
  • the negotiation for a key can be aborted 316. If a subset attack is not detected, the master key 'k' can be used by the user to test the key confirmation value sent by the service offering (step 318).
  • One method for generating a key confirmation value is to hash the key with a known string such as the bytes in the public key "A”. An exemplary calculation to test key confirmation value would be:
  • step 320 If the software's generated key confirmation value for 'A' does not match (step 320) the received key confirmation value, then it is incorrect (step 322). An incorrect key confirmation value could mean that a man-in-the-middle attack, or some other attack is being attempted. The operation will be aborted in this case (step 322). If the two confirmation values match, then it is assumed that a fully secure link has been established (step 324). The link is marked as valid and after a short delay will be used for communications (step 324). Using the newly generated verification key, the user sends this value back to the service (step 326). This follows back to Figure 6 following label (C).
  • FIG. 7 is a data flow diagram of exemplary steps carried out by the service offering (e.g., within the service provider software) for carrying out the exemplary approach shown in Figure 4 when the user is the initiator of the key exchange as shown in Figure 4.
  • AES Advanced Encryption Standard
  • the process starts when a user contacts a service provider 'out-of-band' to exchange a shared secret (step 398). This corresponds with step 302 in Figure 6 on the user's device.
  • This out-of-band exchange has been discussed several times and also provides a level of authentication that the user and service are who they say they are.
  • the user is free at any point in time to contact the service to begin the process.
  • the host service shown with message (A) arriving from the user's flow chart in Figure 6, the new user is verified (step 400). Since a service provider might have tens or hundreds of users wanting to start using their service at any time, the service provider is passive until the user decides he wants to start the service.
  • the arrival of the message allows the service provider to find the new user and verify that a shared secret exists (step 400).
  • the user's public short-term authentication key which is based on the shared secret (step 400).
  • the message also contains the user's public long-term encryption key (step 400), which can be used in the implementation to create perfect forward secrecy when re-key operations take place, Figures 7 and 8.
  • the service offering generates a long-term encryption key pair for this user, in a manner similar to the long-term encryption key-pair created by the user (step 402). Exemplary mathematical calculations to create the service offering's long-term encryption key pair are as follows (e.g., using a SPEKE method):
  • the value 'B' is the service offering's (service provider's) long-term public key (or more generally, third public key), and the value 'b' is the service offering's long-term private key (or, more generally, third private key).
  • the selected number 'b' is greater than 1 and less than the prime number q - 1.
  • the service offering also generates a short-term authentication key pair based on the shared secret (step 404).
  • the value ⁇ ' is the service offering's (service provider's) public short-term authentication key (or, more generally, fourth public key), and the value 'y' is the service offering's private short-term authentication key (or, more generally, fourth private key).
  • the selection of 'y' is between 1 and the prime number q - 1.
  • the public key values 'B' and 'Y' will eventually be sent to the user to generate the user's own master key.
  • the service offering then uses the public keys 'A' and 'X' received from the user, and the private keys just calculated to generate a master key (step 406).
  • the encryption method provides perfect forward secrecy.
  • To provide perfect forward secrecy the implementation also uses the private keys in the re-generation of subsequent keys during any re-key sequence.
  • An exemplary master key calculation is as follows:
  • 'y' is the service offering's short-term private encryption key (or, more generally, fourth private key)
  • 'X' is the received short-term public encryption key of the user (or, more generally, second public key).
  • 'b' is the service offering's long- term private key (or, more generally, third private key)
  • 'A' is the received long-term public encryption key of the user (or, more generally, first public key).
  • the value 'k' represents the master key generated by the service offering, and it is the same as the master key generated by the user. This master key can be used for encrypting data between the service and the user.
  • the value 'k' is a combination of the intermediate keys 'kl ' (based on the short-term authentication keys) and 'k2' (based on the long-term encryption keys).
  • An important check can be made on the intermediate key values of kl and k2 at step 408 to verify that these two values are not 0, 1 or order(G)-l; otherwise it could mean there is a security attack being attempted. This attack would result if the key were being forced into a small subset of total possible keys.
  • One method for generating a key confirmation value is to hash the key with a known string such as the bytes in the public key "B". An exemplary calculation to test the string (key confirmation value) would be:
  • the service offering would then transmit the test string to the user so that it can verify that the master key generated by the user matches the master key created by the service offering.
  • the service offering then sends the long-term public encryption key 'B', the short-term public authentication key 'Y' (or, fourth public key) and the verification string h ⁇ to the user (step 414).
  • the user Once the user has generated its own master key 'k' it sends back a final key confirmation value to ensure the service offering knows that everything has worked correctly (C).
  • This final step (C) is shown in Figure 7 as an input to the service offering at step 416. If the key confirmation value was calculated based upon 'A' and sent to the service offering (step 416), then this is what the test looks for (step 418).
  • the Re-Key Data Flow Sequence Figure 8 is a data flow diagram showing exemplary steps within the user (e.g., within software) for a re-key sequence when regenerating another key in the environment illustrated in Figures 1, 2 and 3. This procedure illustrates the utility of using the long- term encryption key to enable the implementation of perfect forward secrecy. The process starts when either the user or the service offering decide a new key is required. For this example we will assume the host (service provider) is running an encryption key expiry timer.
  • step 430 a re-key request is received by the user, or the user decides to cut a new key (step 430).
  • step 430 could be executed by the service provider instead of the user.
  • the user software generates a new short-term encryption key (step 432).
  • An exemplary mathematical calculation is based on SPEKE and uses the same sequence as shown before:
  • 'x' is a "new" value generated for the user's short-term private encryption key.
  • the value 'x' can be referred to either as an "encryption” key or as an "authentication” key (as was done previously) because the value 'x' contributes to both aspects.
  • the selection of 'x' must be between 1 and the prime number q - 1.
  • the user software then sends the newly generated public key value 'X' to the service provider 434. This step proceeds to (D) where the service provider receives the value and performs additional calculations. Step (D) is taken into Figure 9 as input on the service provider side of the connection.
  • 'x' is the user's new short-term private encryption key
  • 'Y' is the new received short-term public encryption key generated by the service provider.
  • the value 'a' is the user's existing long-term private encryption key
  • 'B' is the service provider's existing long-term public encryption key.
  • the value 'k' represents the new master key that can be used for encrypting data between the user and the service provider.
  • the value 'k' is a combination of the intermediate keys 'kl ' (based on the short-term encryption key) and 'k2' (based on the long-term encryption keys).
  • step 442 An important check can be made on the intermediate key values of kl and k2 (step 442) to verify that these two values are not 0, 1 or order(G)-l; otherwise or it could mean there is a security attack being attempted (step 442). If however the value of kl or k2 does fall into one of these small subset groups the negotiation for a key can be aborted (step 444). If a subset attack is not detected, the new master key 'k' can be used to test the key confirmation value sent by the service offering (service provider) as shown at step 446.
  • One method for generating a key confirmation value is to hash the key with a known string like the bytes of the public key of "A". The approach for calculating a key confirmation value can be the same as previously described.
  • step 450 If the calculated key confirmation value does not match what was received (step 448), the key is assumed to be in error (step 450). An inco ⁇ ect key confirmation value would mean that a man-in-the- middle attack, or some other attack is being attempted. Otherwise the user generates a final key confirmation value using the master key 'k' (step 452). The key confirmation value is sent to the service provider (step 454) as a final confirmation; as shown at point (F) in Figure 8. Then after a short pause the new encryption key is used within the user software (step 456). During a short period of time there is also a window where messages that were previously transmitted could a ⁇ ive in.
  • FIG. 9 this represents a data flow diagram of exemplary steps within the service provider for a re-key sequence when regenerating another key in the environment illustrated in Figures 1, 2 and 3.
  • This procedure shows the utility of using the long-term encryption key for implementing perfect forward secrecy.
  • the user has started the process and has already created a new short-term encryption (or authentication) key pair as shown in Figure 8.
  • the arrival of the short-term public encryption key 'X' is shown as input (D).
  • the public key is received and the user's configuration information is recalled and checked (step 460).
  • the service offering then generates a new short-term encryption key pair for use over the next segment of time (step 462).
  • Exemplary mathematics to create a new short-term encryption key is similar to what has been shown before, except the shared secret 's' is not used.
  • the selection of 'y' is between 1 and the prime number q - 1.
  • the value 'Y' will eventually be sent to the user to generate a master key (step 472).
  • a master key is generated by the service provider using the value 'X' that was just received from the user and the newly generated value 'y'.
  • the encryption method provides for perfect forward secrecy.
  • An exemplary master key calculation is as follows:
  • 'y' is the service provider's new short-term private encryption key
  • 'X' is the new received short-term public encryption key generated by the user.
  • the value 'b' is the service provider's existing long-term private encryption key
  • 'A' is the user's existing long-term public encryption key.
  • the value 'k' represents the master key for the service offering (step 464). This will be used for encrypting all data between the service offering and the user.
  • the value 'k' is a combination of the intermediate keys 'kl' (based on the new short-term encryption keys) and 'k2' (based on the long-term encryption keys).
  • 'k' is not directly dependent on the original shared secret 's', but the values 'A' and 'b' carry some of the authentication originally provided by 's'.
  • a check can be made on the intermediate key values of kl and k2 (step 466) to verify that these two values are not 0, 1 or order(G)- 1; otherwise it could mean there is a security attack being attempted. If kl or k2 do fall into one of these small subset groups the negotiation for a key can be aborted (step 468). If a subset attack is not detected, the master key 'k' can be used to test the key confirmation value sent by the service offering (step 470).
  • One method for generating a key confirmation value is to hash the key with a known string like the bytes in the public key "B" (step 470). This calculation can be similar to those already described.
  • the service offering would then transmit its new short-term public encryption key 'Y' and the key confirmation value h ⁇ to the user (step 472). This transfer of the key values and the key confirmation value is shown at transfer box (E) in Figure 9.
  • the user Once the user has generated its own master key 'k', it sends back a final key confirmation value to ensure the service offering knows that everything has worked co ⁇ ectly (step 454 of Figure 8) as shown at (F). This final step at (F) is shown in Figure 9 as an input to the service offering (step 474).
  • any form of computer readable carrier can contain processing instructions adapted to a cause a processing unit to execute the methods described herein.
  • the computer readable carrier can be any suitable type of ca ⁇ ier, such as solid-state memory (e.g., read only memory (ROM), random access memory (RAM), etc.), magnetic memory, optical memory, other type of memory, or modulated waves/signals (such as radio frequency, audio frequency, or optical frequency modulated waves/signals) containing an appropriate set of computer instructions that would cause a processing unit to carry out the techniques described herein.
  • solid-state memory e.g., read only memory (ROM), random access memory (RAM), etc.
  • magnetic memory e.g., magnetic memory, optical memory, other type of memory, or modulated waves/signals (such as radio frequency, audio frequency, or optical frequency modulated waves/signals) containing an appropriate set of computer instructions that would cause a processing unit to carry out the techniques described herein.
  • modulated waves/signals such as radio frequency, audio frequency, or optical frequency modulated waves/signals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Transmitters (AREA)
  • Walking Sticks, Umbrellas, And Fans (AREA)
  • Rehabilitation Tools (AREA)
  • Toys (AREA)
PCT/CA2005/000466 2004-04-02 2005-03-30 Deploying and provisioning wireless handheld devices WO2005096542A1 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
CA2561796A CA2561796C (en) 2004-04-02 2005-03-30 Key agreement and re-keying over a bidirectional communication path
AT05729970T ATE438973T1 (de) 2004-04-02 2005-03-30 Einsatz und provisionierung drahtloser in der hand gehaltener einrichtungen
JP2007505347A JP4701238B2 (ja) 2004-04-02 2005-03-30 双方向通信経路を介した鍵合意および鍵の再生成
DE602005015831T DE602005015831D1 (de) 2004-04-02 2005-03-30 Einsatz und provisionierung drahtloser in der hand gehaltener einrichtungen
AU2005228061A AU2005228061A1 (en) 2004-04-02 2005-03-30 Deploying and provisioning wireless handheld devices
BRPI0509538A BRPI0509538B1 (pt) 2004-04-02 2005-03-30 método, sinal digital, portadora, e primeiro sistema para estabelecer um percurso de comunicação bidirecional
EP05729970A EP1735945B1 (en) 2004-04-02 2005-03-30 Deploying and provisioning wireless handheld devices
CN2005800175522A CN101023622B (zh) 2004-04-02 2005-03-30 配置和供应无线手持设备
HK07103611.6A HK1095950A1 (en) 2004-04-02 2007-04-03 Deploying and provisioning wireless handheld devices

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US55909204P 2004-04-02 2004-04-02
US60/559,092 2004-04-02
US55964604P 2004-04-05 2004-04-05
US60/559,646 2004-04-05

Publications (1)

Publication Number Publication Date
WO2005096542A1 true WO2005096542A1 (en) 2005-10-13

Family

ID=35064141

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2005/000466 WO2005096542A1 (en) 2004-04-02 2005-03-30 Deploying and provisioning wireless handheld devices

Country Status (12)

Country Link
US (4) US7885411B2 (zh)
EP (1) EP1735945B1 (zh)
JP (1) JP4701238B2 (zh)
KR (1) KR20060132026A (zh)
CN (1) CN101023622B (zh)
AT (1) ATE438973T1 (zh)
AU (2) AU2005228061A1 (zh)
BR (1) BRPI0509538B1 (zh)
CA (1) CA2561796C (zh)
DE (1) DE602005015831D1 (zh)
HK (1) HK1095950A1 (zh)
WO (1) WO2005096542A1 (zh)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100772180B1 (ko) 2005-12-08 2007-11-01 한국전자통신연구원 이더넷 기반의 수동형 광네트워크에서 광종단장치와광가입자장치들 간에 보안 채널 설정 방법 및 이를 위한프레임 전송 제어용 다중점 제어 프로토콜 메시지 구조
US8086872B2 (en) 2005-12-08 2011-12-27 Electronics And Telecommunications Research Institute Method for setting security channel based on MPCP between OLT and ONUs in EPON, and MPCP message structure for controlling frame transmission
US11120437B2 (en) 2016-02-23 2021-09-14 nChain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts
US11126976B2 (en) 2016-02-23 2021-09-21 nChain Holdings Limited Method and system for efficient transfer of cryptocurrency associated with a payroll on a blockchain that leads to an automated payroll method and system based on smart contracts
US11182782B2 (en) 2016-02-23 2021-11-23 nChain Holdings Limited Tokenisation method and system for implementing exchanges on a blockchain
US11194898B2 (en) 2016-02-23 2021-12-07 nChain Holdings Limited Agent-based turing complete transactions integrating feedback within a blockchain system
US11308486B2 (en) 2016-02-23 2022-04-19 nChain Holdings Limited Method and system for the secure transfer of entities on a blockchain
US11349645B2 (en) 2016-02-23 2022-05-31 Nchain Holdings Ltd. Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
US11356280B2 (en) 2016-02-23 2022-06-07 Nchain Holdings Ltd Personal device security using cryptocurrency wallets
US11373152B2 (en) 2016-02-23 2022-06-28 nChain Holdings Limited Universal tokenisation system for blockchain-based cryptocurrencies
US11410145B2 (en) 2016-02-23 2022-08-09 nChain Holdings Limited Blockchain-implemented method for control and distribution of digital content
US11455378B2 (en) 2016-02-23 2022-09-27 nChain Holdings Limited Method and system for securing computer software using a distributed hash table and a blockchain
US11606219B2 (en) 2016-02-23 2023-03-14 Nchain Licensing Ag System and method for controlling asset-related actions via a block chain
US11621833B2 (en) 2016-02-23 2023-04-04 Nchain Licensing Ag Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
US11625694B2 (en) 2016-02-23 2023-04-11 Nchain Licensing Ag Blockchain-based exchange with tokenisation
US11727501B2 (en) 2016-02-23 2023-08-15 Nchain Licensing Ag Cryptographic method and system for secure extraction of data from a blockchain

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2219032T3 (es) * 1998-07-03 2004-11-16 Nokia Corporation Establecimiento de una conexion de sesion asegurada por medio del protocolo de aplicacion inalambrico (wap).
CA2277633C (en) * 1999-07-19 2009-10-20 Certicom Corp. Split-key key-agreement protocol
US7370350B1 (en) * 2002-06-27 2008-05-06 Cisco Technology, Inc. Method and apparatus for re-authenticating computing devices
US7861078B2 (en) * 2005-10-14 2010-12-28 Juniper Networks, Inc. Password-authenticated asymmetric key exchange
TW200816768A (en) * 2006-09-21 2008-04-01 Interdigital Tech Corp Group-wise secret key generation
US7870255B2 (en) * 2006-10-03 2011-01-11 Research In Motion Limited Access control system and method for wireless application provisioning
US8050403B2 (en) * 2007-03-06 2011-11-01 Research In Motion Limited Method and apparatus for generating a public key in a manner that counters power analysis attacks
US8131994B2 (en) 2007-06-01 2012-03-06 Cisco Technology, Inc. Dual cryptographic keying
US8838953B2 (en) * 2007-06-05 2014-09-16 Stmicroelectronics, Inc. System and method for using an out-of-band device to program security keys
US8204047B2 (en) * 2007-07-20 2012-06-19 Cisco Technology, Inc. Using PSTN reachability to verify caller ID information in received VoIP calls
US8121114B2 (en) 2009-02-12 2012-02-21 Cisco Technology, Inc. Prevention of voice over IP spam
US8274968B2 (en) * 2007-07-20 2012-09-25 Cisco Technology, Inc. Restriction of communication in VoIP address discovery system
US8072967B2 (en) * 2007-07-20 2011-12-06 Cisco Technology, Inc. VoIP call routing information registry including hash access mechanism
US8228903B2 (en) * 2007-07-20 2012-07-24 Cisco Technology, Inc. Integration of VoIP address discovery with PBXs
US8223755B2 (en) * 2007-07-20 2012-07-17 Cisco Technology, Inc. Node reputation based on knowledge of PSTN calls
US8228904B2 (en) * 2007-07-20 2012-07-24 Cisco Technology, Inc. Using PSTN reachability in anonymous verification of VoIP call routing information
US8199746B2 (en) 2007-07-20 2012-06-12 Cisco Technology, Inc. Using PSTN reachability to verify VoIP call routing information
US8228902B2 (en) * 2007-07-20 2012-07-24 Cisco Technology, Inc. Separation of validation services in VoIP address discovery system
US8208635B2 (en) 2007-11-13 2012-06-26 Rosemount Inc. Wireless mesh network with secure automatic key loads to wireless devices
US7522723B1 (en) * 2008-05-29 2009-04-21 Cheman Shaik Password self encryption method and system and encryption by keys generated from personal secret information
DE102009032465B4 (de) * 2008-07-16 2016-10-13 Infineon Technologies Ag Sicherheit in Netzwerken
US20100042841A1 (en) * 2008-08-15 2010-02-18 Neal King Updating and Distributing Encryption Keys
US8223754B2 (en) * 2009-02-09 2012-07-17 Cisco Technology, Inc. Auto-configured voice over internet protocol
US8296567B2 (en) 2009-07-15 2012-10-23 Research In Motion Limited System and method for exchanging key generation parameters for secure communications
US8645695B2 (en) * 2009-10-07 2014-02-04 Blackberry Limited System and method for managing security key architecture in multiple security contexts of a network environment
US8886935B2 (en) * 2010-04-30 2014-11-11 Kabushiki Kaisha Toshiba Key management device, system and method having a rekey mechanism
EP2509276B1 (de) * 2011-04-05 2013-11-20 F. Hoffmann-La Roche AG Verfahren zum sicheren Übertragen von elektronischen Daten über eine Datenkommunikationsverbindung zwischen einem Gerät und einem weiteren Gerät
US9093395B2 (en) * 2011-09-02 2015-07-28 Avogy, Inc. Method and system for local control of defect density in gallium nitride based electronics
JP5367039B2 (ja) * 2011-09-30 2013-12-11 株式会社東芝 サーバ装置及びプログラム
JP5643741B2 (ja) * 2011-12-02 2014-12-17 株式会社東芝 認証装置、認証方法および認証プログラム
US10148438B2 (en) * 2012-04-03 2018-12-04 Rally Health, Inc. Methods and apparatus for protecting sensitive data in distributed applications
KR101301609B1 (ko) * 2012-05-31 2013-08-29 서울대학교산학협력단 비밀키 생성 장치 및 방법, 그리고 그 방법을 컴퓨터에서 실행시키기 위한 프로그램을 기록한 기록매체
US9596077B2 (en) * 2013-04-22 2017-03-14 Unisys Corporation Community of interest-based secured communications over IPsec
KR102485789B1 (ko) 2013-08-13 2023-01-05 노쓰웨스턴유니버시티 펩티드-접합된 입자
EP3050011B1 (en) * 2014-05-02 2017-09-20 Barclays Bank Plc. Transaction authentication
US9887839B2 (en) * 2014-06-06 2018-02-06 Rainberry, Inc. Securely sharing information via a public key-value data store
US20160065374A1 (en) * 2014-09-02 2016-03-03 Apple Inc. Method of using one device to unlock another device
US20170091887A1 (en) * 2015-09-24 2017-03-30 Yahoo! Inc. Method for accessing an online account after the owner's death
US20180314512A1 (en) * 2015-10-15 2018-11-01 Otis Elevator Company Software updating device
US11212276B2 (en) * 2016-07-01 2021-12-28 Intel Corporation Single pairing for multiple technologies
EP3364596A1 (en) * 2017-02-15 2018-08-22 Koninklijke Philips N.V. Key exchange devices and method
EP3402118A1 (en) * 2017-05-10 2018-11-14 Koninklijke Philips N.V. Key agreement devices and method
US10530581B2 (en) * 2017-09-08 2020-01-07 Fujitsu Limited Authenticated broadcast encryption
US10715511B2 (en) * 2018-05-03 2020-07-14 Honeywell International Inc. Systems and methods for a secure subscription based vehicle data service
US10819689B2 (en) 2018-05-03 2020-10-27 Honeywell International Inc. Systems and methods for encrypted vehicle data service exchanges
US10797868B2 (en) * 2018-05-31 2020-10-06 Irdeto B.V. Shared secret establishment
GB201815396D0 (en) * 2018-09-21 2018-11-07 Nchain Holdings Ltd Computer implemented system and method
US11063921B2 (en) 2018-11-06 2021-07-13 International Business Machines Corporation Extracting data from passively captured web traffic that is encrypted in accordance with an anonymous key agreement protocol
CN112118568B (zh) * 2019-06-21 2022-02-25 华为技术有限公司 一种设备身份鉴权的方法及设备
TWI730355B (zh) * 2019-07-23 2021-06-11 新加坡商優納比控股私人有限公司 無線通信的動態金鑰產生方法
US11924337B2 (en) 2020-03-13 2024-03-05 Soliton Systems K.K. Sensitive data management system
US11882215B2 (en) * 2021-05-21 2024-01-23 Zoom Video Communications, Inc. Handling joining and leaving of participants in videoconferencing with end-to-end encryption

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6091820A (en) * 1994-06-10 2000-07-18 Sun Microsystems, Inc. Method and apparatus for achieving perfect forward secrecy in closed user groups
US6718467B1 (en) * 1999-10-28 2004-04-06 Cisco Technology, Inc. Password based protocol for secure communications

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5491750A (en) * 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5491749A (en) 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks
US5761305A (en) * 1995-04-21 1998-06-02 Certicom Corporation Key agreement and transport protocol with implicit signatures
US6487661B2 (en) 1995-04-21 2002-11-26 Certicom Corp. Key agreement and transport protocol
JPH1115373A (ja) * 1997-06-20 1999-01-22 Fuji Xerox Co Ltd 公開鍵暗号方式
US6219421B1 (en) * 1997-10-24 2001-04-17 Shaul O. Backal Virtual matrix encryption (VME) and virtual key cryptographic method and apparatus
US6279110B1 (en) * 1997-11-10 2001-08-21 Certicom Corporation Masked digital signatures
US6336188B2 (en) * 1998-05-01 2002-01-01 Certicom Corp. Authenticated key agreement protocol
CA2241705C (en) 1998-06-26 2006-06-20 Certicom Corp. A method for preventing key-share attacks
ES2219032T3 (es) * 1998-07-03 2004-11-16 Nokia Corporation Establecimiento de una conexion de sesion asegurada por medio del protocolo de aplicacion inalambrico (wap).
CA2255285C (en) * 1998-12-04 2009-10-13 Certicom Corp. Enhanced subscriber authentication protocol
JP4556277B2 (ja) * 1999-03-30 2010-10-06 ソニー株式会社 情報処理装置および方法、情報処理システム、並びにプログラム格納媒体
CA2277633C (en) * 1999-07-19 2009-10-20 Certicom Corp. Split-key key-agreement protocol
US7181014B1 (en) * 1999-09-10 2007-02-20 Cisco Technology, Inc. Processing method for key exchange among broadcast or multicast groups that provides a more efficient substitute for Diffie-Hellman key exchange
US7711122B2 (en) * 2001-03-09 2010-05-04 Arcot Systems, Inc. Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
US7610045B2 (en) 2001-04-12 2009-10-27 Research In Motion Limited Advanced system and method for dynamically discovering, provisioning and accessing host services on wireless data communication devices
US8909555B2 (en) * 2001-04-24 2014-12-09 Hewlett-Packard Development Company, L.P. Information security system
JP4255046B2 (ja) * 2001-04-27 2009-04-15 日本電信電話株式会社 暗号通信路の確立方法、プログラム及びプログラム媒体、並びに、暗号通信システム
US7181015B2 (en) * 2001-07-31 2007-02-20 Mcafee, Inc. Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique
US7127063B2 (en) * 2001-12-31 2006-10-24 Certicom Corp. Method and apparatus for computing a shared secret key
US7784684B2 (en) * 2002-08-08 2010-08-31 Fujitsu Limited Wireless computer wallet for physical point of sale (POS) transactions
US7353382B2 (en) * 2002-08-08 2008-04-01 Fujitsu Limited Security framework and protocol for universal pervasive transactions
US20040073795A1 (en) * 2002-10-10 2004-04-15 Jablon David P. Systems and methods for password-based connection
US7328282B2 (en) * 2003-10-23 2008-02-05 International Business Machines Corporation Aspect oriented web service invocation

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6091820A (en) * 1994-06-10 2000-07-18 Sun Microsystems, Inc. Method and apparatus for achieving perfect forward secrecy in closed user groups
US6718467B1 (en) * 1999-10-28 2004-04-06 Cisco Technology, Inc. Password based protocol for secure communications

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100772180B1 (ko) 2005-12-08 2007-11-01 한국전자통신연구원 이더넷 기반의 수동형 광네트워크에서 광종단장치와광가입자장치들 간에 보안 채널 설정 방법 및 이를 위한프레임 전송 제어용 다중점 제어 프로토콜 메시지 구조
US8086872B2 (en) 2005-12-08 2011-12-27 Electronics And Telecommunications Research Institute Method for setting security channel based on MPCP between OLT and ONUs in EPON, and MPCP message structure for controlling frame transmission
US11120437B2 (en) 2016-02-23 2021-09-14 nChain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts
US11126976B2 (en) 2016-02-23 2021-09-21 nChain Holdings Limited Method and system for efficient transfer of cryptocurrency associated with a payroll on a blockchain that leads to an automated payroll method and system based on smart contracts
US11182782B2 (en) 2016-02-23 2021-11-23 nChain Holdings Limited Tokenisation method and system for implementing exchanges on a blockchain
US11194898B2 (en) 2016-02-23 2021-12-07 nChain Holdings Limited Agent-based turing complete transactions integrating feedback within a blockchain system
US11308486B2 (en) 2016-02-23 2022-04-19 nChain Holdings Limited Method and system for the secure transfer of entities on a blockchain
US11347838B2 (en) 2016-02-23 2022-05-31 Nchain Holdings Ltd. Blockchain implemented counting system and method for use in secure voting and distribution
US11349645B2 (en) 2016-02-23 2022-05-31 Nchain Holdings Ltd. Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
US11356280B2 (en) 2016-02-23 2022-06-07 Nchain Holdings Ltd Personal device security using cryptocurrency wallets
US11373152B2 (en) 2016-02-23 2022-06-28 nChain Holdings Limited Universal tokenisation system for blockchain-based cryptocurrencies
US11410145B2 (en) 2016-02-23 2022-08-09 nChain Holdings Limited Blockchain-implemented method for control and distribution of digital content
US11455378B2 (en) 2016-02-23 2022-09-27 nChain Holdings Limited Method and system for securing computer software using a distributed hash table and a blockchain
US11606219B2 (en) 2016-02-23 2023-03-14 Nchain Licensing Ag System and method for controlling asset-related actions via a block chain
US11621833B2 (en) 2016-02-23 2023-04-04 Nchain Licensing Ag Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
US11625694B2 (en) 2016-02-23 2023-04-11 Nchain Licensing Ag Blockchain-based exchange with tokenisation
US11727501B2 (en) 2016-02-23 2023-08-15 Nchain Licensing Ag Cryptographic method and system for secure extraction of data from a blockchain
US11755718B2 (en) 2016-02-23 2023-09-12 Nchain Licensing Ag Blockchain implemented counting system and method for use in secure voting and distribution
US11936774B2 (en) 2016-02-23 2024-03-19 Nchain Licensing Ag Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
US11972422B2 (en) 2016-02-23 2024-04-30 Nchain Licensing Ag Registry and automated management method for blockchain-enforced smart contracts

Also Published As

Publication number Publication date
ATE438973T1 (de) 2009-08-15
US8615086B2 (en) 2013-12-24
AU2005228061A1 (en) 2005-10-13
KR20060132026A (ko) 2006-12-20
CA2561796C (en) 2012-04-17
US20110103588A1 (en) 2011-05-05
JP2007531422A (ja) 2007-11-01
AU2009248475A1 (en) 2010-01-07
US8238558B2 (en) 2012-08-07
AU2009248475B2 (en) 2012-06-14
DE602005015831D1 (de) 2009-09-17
US20120294440A1 (en) 2012-11-22
EP1735945A1 (en) 2006-12-27
EP1735945A4 (en) 2007-06-20
CN101023622A (zh) 2007-08-22
US20050232428A1 (en) 2005-10-20
EP1735945B1 (en) 2009-08-05
HK1095950A1 (en) 2007-05-18
JP4701238B2 (ja) 2011-06-15
CA2561796A1 (en) 2005-10-13
CN101023622B (zh) 2010-12-08
US8090107B2 (en) 2012-01-03
BRPI0509538B1 (pt) 2019-01-15
BRPI0509538A (pt) 2007-09-18
US20120063599A1 (en) 2012-03-15
US7885411B2 (en) 2011-02-08

Similar Documents

Publication Publication Date Title
CA2561796C (en) Key agreement and re-keying over a bidirectional communication path
US8218773B2 (en) Systems and methods to securely generate shared keys
CA2564909C (en) Systems and methods to securely generate shared keys
US8515078B2 (en) Mass subscriber management
EP2037621B1 (en) Method and device for deriving local interface key
EP2073430B1 (en) Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
KR19990072733A (ko) 데이터네트워크상의박형의클라이언트장치와서버장치사이에암호-발효프로세스를실행시키기위한방법및장치
AU2012202300B2 (en) Re-keying over a bidirectional communication path
EP2073484A1 (en) Methods and systems for secure channel initialization
Yang et al. An end-to-end authentication protocol in wireless application protocol
WO2005038608A2 (en) Mass subscriber management
NO327337B1 (no) En anordning og en metode for sterk brukerautentisering og kryptering av brukerdata i private virtuelle nettverk

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2561796

Country of ref document: CA

Ref document number: 2007505347

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 5748/DELNP/2006

Country of ref document: IN

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 2005228061

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2005729970

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020067022804

Country of ref document: KR

ENP Entry into the national phase

Ref document number: 2005228061

Country of ref document: AU

Date of ref document: 20050330

Kind code of ref document: A

WWP Wipo information: published in national office

Ref document number: 2005228061

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 200580017552.2

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 1020067022804

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005729970

Country of ref document: EP

ENP Entry into the national phase

Ref document number: PI0509538

Country of ref document: BR